[Novalug] SELinux, my foe

Kevin Cole dc.loco@gmail.com
Mon Jul 11 11:17:55 EDT 2011


Hi,

After a long hiatus from it, I am being forced to do battle once again
with SELinux.  While I know I could just turn the damned thing off,
I'm hoping for truce and reconciliation rather than annihilation.  ;-)

So...  The news from the front thus far:

Under Ubuntu w/o SELinux, I have a working Django / mod_python setup.
(No WSGI.)  Porting the same setup to RHEL 6, it works if I turn off
SELinux, but if I leave it "enforcing", I get:

|     ImportError: No module named django.core.handlers.modpython

I think the relevant details are:

* I'm using an SVN copy of Django, living in my ~/lib/django/trunk.
* I have a symlink /usr/lib/python2.6/site-packages/django -> ~/lib/django/trunk
* I have the actual "site" in ~/Django/psite/
* Everything I can think of has been given the type httpd_user_content_t
* I've set to "on" booleans:
    - httpd_tmp_exec
    - httpd_can_network_connect
    - httpd_can_network_connect_db
    - httpd_can_network_connect
* I've looked at a lot of documentation (including that of the lead
SELinux developer for Red Hat) that suggests using commands that don't
exist.
* I've been trying to figure out how to get useful information from
the audit logs, and failing.

I'm reaching the point of considering nuclear options again. ;-)

Are there some SELinux wizards out there?
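
Added example, not part of the original post: one way to get useful information out of the audit log is to group the AVC denials by source type, target type and object class, which shows which label along the path Apache was refused on. The log lines below are constructed in the `/var/log/audit/audit.log` AVC format, and the names and types in them are illustrative, not a diagnosis of the poster's system.

```python
import re
from collections import defaultdict

# Constructed sample lines in audit.log AVC format (not from the poster's host).
SAMPLE_LOG = """\
type=AVC msg=audit(1310397475.101:201): avc:  denied  { search } for  pid=2345 comm="httpd" name="user" dev=dm-0 ino=1001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
type=SYSCALL msg=audit(1310397475.101:201): arch=c000003e syscall=4 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1310397476.220:202): avc:  denied  { search } for  pid=2346 comm="httpd" name="user" dev=dm-0 ino=1001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1310397477.330:203): avc:  denied  { getattr } for  pid=2346 comm="httpd" name="trunk" dev=dm-0 ino=1002 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=AVC msg=audit(1310397478.440:204): avc:  denied  { read open } for  pid=2346 comm="httpd" name="__init__.py" dev=dm-0 ino=1003 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
"""

# Fields of interest in a denial record; name= is optional in real logs.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'comm="(?P<comm>[^"]*)"'
    r'(?:.*?\bname="(?P<name>[^"]*)")?'
    r'.*?scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def summarize_denials(log_text):
    """Group AVC denials by (source type, target type, object class)."""
    summary = defaultdict(lambda: {"perms": set(), "names": set(), "count": 0})
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # skip SYSCALL, PATH and other record types
        m = AVC_RE.search(line)
        if not m:
            continue  # e.g. "granted" records or malformed lines
        # A context is user:role:type:level; the type is what policy rules use.
        key = (m["scon"].split(":")[2], m["tcon"].split(":")[2], m["tclass"])
        entry = summary[key]
        entry["perms"].update(m["perms"].split())
        if m["name"]:
            entry["names"].add(m["name"])
        entry["count"] += 1
    return dict(summary)

if __name__ == "__main__":
    for (src, tgt, cls), e in sorted(summarize_denials(SAMPLE_LOG).items()):
        print(f"{src} -> {tgt}:{cls} {sorted(e['perms'])} "
              f"x{e['count']} on {sorted(e['names'])}")
```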


